Bug 932906 - Exempt Remote XUL from CanCreateWrapper checks. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Wed, 04 Dec 2013 19:15:40 -0800
changeset 174508 997ec8454c145822d7ef2becd568637092df6414
parent 174507 1ae80631738afab72c91ffd7c6d1ebd741a8beb3
child 174509 c595dfa92c1294a7283b477b1122e6a42212e1a9
push id445
push userffxbld
push dateMon, 10 Mar 2014 22:05:19 +0000
reviewersbz
bugs932906
milestone28.0a1
Bug 932906 - Exempt Remote XUL from CanCreateWrapper checks. r=bz
caps/src/nsScriptSecurityManager.cpp
js/xpconnect/tests/chrome/chrome.ini
js/xpconnect/tests/chrome/test_bug932906.xul
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -1845,16 +1845,22 @@ nsScriptSecurityManager::CanCreateWrappe
 {
 // XXX Special case for nsIXPCException ?
     ClassInfoData objClassInfo = ClassInfoData(aClassInfo, nullptr);
     if (objClassInfo.IsDOMClass())
     {
         return NS_OK;
     }
 
+    // We give remote-XUL whitelisted domains a free pass here. See bug 932906.
+    if (!xpc::AllowXBLScope(js::GetContextCompartment(cx)))
+    {
+        return NS_OK;
+    }
+
     //--See if the object advertises a non-default level of access
     //  using nsISecurityCheckedComponent
     nsCOMPtr<nsISecurityCheckedComponent> checkedComponent =
         do_QueryInterface(aObj);
 
     nsXPIDLCString objectSecurityLevel;
     if (checkedComponent)
         checkedComponent->CanCreateWrapper((nsIID *)&aIID, getter_Copies(objectSecurityLevel));
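Review bot: The new early return at `if (!xpc::AllowXBLScope(js::GetContextCompartment(cx)))` skips the whole nsISecurityCheckedComponent check on the strength of a negated XBL-scoping predicate, so the access decision is only as narrow as the set of compartments for which AllowXBLScope() returns false. Its definition is not visible in this hunk; if it can return false for any reason other than the remote-XUL whitelist, that compartment would also get non-DOM wrappers without a check. I would state the dependency in the comment, e.g. `// AllowXBLScope() is expected to be false only for remote-XUL whitelisted principals with dom.use_xbl_scopes_for_remote_xul off; any other false case must not reach this return.`, or test the whitelist condition directly under a name that says so. CanCreateWrapper's body starts and ends outside the hunk.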
--- a/js/xpconnect/tests/chrome/chrome.ini
+++ b/js/xpconnect/tests/chrome/chrome.ini
@@ -45,16 +45,17 @@ support-files =
 [test_bug801241.xul]
 [test_bug812415.xul]
 [test_bug853283.xul]
 [test_bug853571.xul]
 [test_bug858101.xul]
 [test_bug860494.xul]
 [test_bug866823.xul]
 [test_bug895340.xul]
+[test_bug932906.xul]
 [test_xrayToJS.xul]
 [test_chrometoSource.xul]
 [test_cows.xul]
 [test_documentdomain.xul]
 [test_doublewrappedcompartments.xul]
 [test_evalInSandbox.xul]
 [test_evalInWindow.xul]
 [test_exnstack.xul]
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_bug932906.xul
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=932906
+-->
+<window title="Mozilla Bug 932906"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+  <!-- test results are displayed in the html:body -->
+  <body xmlns="http://www.w3.org/1999/xhtml">
+  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=932906"
+     target="_blank">Mozilla Bug 932906</a>
+  </body>
+
+  <!-- test code goes here -->
+  <script type="application/javascript">
+  <![CDATA[
+  const Cu = Components.utils;
+  Cu.import('resource://gre/modules/Services.jsm');
+
+  /** Test for Bug 932906 **/
+  SimpleTest.waitForExplicitFinish();
+
+  function passToContent(shouldThrow) {
+    try {
+      $('ifr').contentWindow.obs = Services.obs;
+      ok(!shouldThrow, "Didn't throw when passing non-DOM XPCWN to content");
+    } catch (e) {
+      ok(shouldThrow, "Threw when passing non-DOM XPCWN to content");
+      ok(/denied/.test(e), "Threw correct exception: " + e);
+    }
+  }
+
+  var gLoadCount = 0;
+  function loaded() {
+    ++gLoadCount;
+    if (gLoadCount == 1)
+      part1();
+    else if (gLoadCount == 2)
+      part2();
+    else
+      ok(false, "Didn't expect three loads");
+  }
+
+  function part1() {
+
+    // Make sure that the pref is what we expect for mochitests.
+    is(Services.prefs.getBoolPref('dom.use_xbl_scopes_for_remote_xul'), true,
+       "Test harness set up like we expect");
+
+
+    // First, test that we can't normally pass non-DOM XPCWNs to content.
+    passToContent(/* shouldThrow = */ true);
+
+    // Now, make sure we _can_ for the remote xul case. We use SpecialPowers
+    // for the pref munging because it cleans up after us.
+    SpecialPowers.pushPrefEnv({set: [['dom.use_xbl_scopes_for_remote_xul', false]]}, function() {
+      $('ifr').contentWindow.location.reload();
+    });
+  }
+
+  function part2() {
+      passToContent(/* shouldThrow = */ false);
+      SimpleTest.finish();
+  }
+
+  ]]>
+  </script>
+  <iframe id="ifr" onload="loaded();" type="content" src="http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html" />
+</window>
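Review bot: The test only exercises the allow path once `dom.use_xbl_scopes_for_remote_xul` is flipped to false; nothing in it shows that an origin which is not on the remote-XUL whitelist still gets the "denied" exception with the pref off. A regression that widened the exemption in CanCreateWrapper to all content would therefore still pass, assuming (the harness setup is not visible here) that example.org is whitelisted in the mochitest profile. I would add a third phase that loads a frame from a non-whitelisted origin with the pref off and calls `passToContent(/* shouldThrow = */ true)`, and put a comment on the iframe such as `<!-- example.org is expected to be on the remote-XUL whitelist in the test profile -->`. In `passToContent`, the `ok(/denied/.test(e), ...)` assertion also runs when `shouldThrow` is false, so an unexpected exception is reported twice; guarding it with `if (shouldThrow)` keeps the failure output to one line.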